From fafd25143d46220c537de8ef514d5954129528eb Mon Sep 17 00:00:00 2001
From: sarthurdev <965089+sarthurdev@users.noreply.github.com>
Date: Sun, 30 Jan 2022 00:39:12 +0100
Subject: firewall: T2199: Add constraint for tagnode names
---
interface-definitions/zone-policy.xml.in | 3 +++
1 file changed, 3 insertions(+)
diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in
index dd64c7c16..69ee031c7 100644
--- a/interface-definitions/zone-policy.xml.in
+++ b/interface-definitions/zone-policy.xml.in
@@ -13,6 +13,9 @@
txt
Zone name
+
+ ^[a-zA-Z0-9][\w\-\.]*$
+
#include
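Review bot: The added constraint `^[a-zA-Z0-9][\w\-\.]*$` fixes the first character but puts no upper bound on the length, and `\w` can match more than ASCII letters, digits and underscore depending on the regex engine the validator uses. If zone names are later used to build firewall chain names or file names (not visible in this hunk), an explicit ASCII class with a length cap is safer, for example `^[a-zA-Z0-9][a-zA-Z0-9_.-]{0,N}$` with N taken from the backend's name limit. The XML markup is stripped on this page, so I cannot tell whether an error message accompanies the regex; if there is none, adding one that lists the allowed characters would help operators.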
--
cgit v1.2.3
From a68c9238111c6caee78bb28f8054b8f0cfa0e374 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Thu, 24 Feb 2022 22:47:12 +0100
Subject: scripts: T4269: node.def generator should automatically add default
values
Since introducing the XML <defaultValue> node it was common, but redundant,
practice to also add a help string indicating which value would be used as
default if the node is unset.
This makes no sense b/c it's duplicated code/value/characters and prone to
error. The node.def scripts should be extended to automatically render the
appropriate default value into the CLI help string.
For e.g. SSH the current PoC renders:
$ cat templates-cfg/service/ssh/port/node.def
multi:
type: txt
help: Port for SSH service (default: 22)
val_help: u32:1-65535; Numeric IP port
...
Not all subsystems are already migrated to get_config_dict() and make use of
the defaults() call - those subsystems need to be migrated, first before the new
default is added to the CLI help.
---
interface-definitions/containers.xml.in | 6 ++--
interface-definitions/dhcp-relay.xml.in | 6 ++--
interface-definitions/dhcp-server.xml.in | 2 +-
interface-definitions/dhcpv6-relay.xml.in | 2 +-
interface-definitions/dns-domain-name.xml.in | 1 +
interface-definitions/dns-forwarding.xml.in | 6 ++--
interface-definitions/flow-accounting-conf.xml.in | 26 +++++++++---------
interface-definitions/high-availability.xml.in | 16 +++++------
interface-definitions/igmp-proxy.xml.in | 8 +++---
.../include/accel-ppp/client-ipv6-pool.xml.i | 2 +-
.../include/accel-ppp/radius-additions.xml.i | 6 ++--
interface-definitions/include/bfd/common.xml.i | 6 ++--
.../include/bgp/protocol-common-config.xml.i | 2 +-
.../include/bgp/timers-keepalive.xml.i | 2 +-
.../include/firewall/name-default-action.xml.i | 2 +-
.../include/interface/arp-cache-timeout.xml.i | 2 +-
.../include/interface/dhcp-options.xml.i | 2 +-
.../include/interface/dhcpv6-options.xml.i | 4 +--
.../include/nat-translation-options.xml.i | 4 +--
interface-definitions/include/ospf/auto-cost.xml.i | 2 +-
.../include/ospf/interface-common.xml.i | 2 +-
interface-definitions/include/ospf/intervals.xml.i | 8 +++---
.../include/ospf/metric-type.xml.i | 2 +-
.../include/ospf/protocol-common-config.xml.i | 18 ++++++------
.../include/ospfv3/protocol-common-config.xml.i | 2 +-
.../include/radius-server-port.xml.i | 2 +-
interface-definitions/include/rip/rip-timers.xml.i | 6 ++--
.../include/snmp/access-mode.xml.i | 2 +-
.../include/snmp/authentication-type.xml.i | 2 +-
.../include/snmp/privacy-type.xml.i | 2 +-
interface-definitions/include/snmp/protocol.xml.i | 2 +-
.../include/vpn-ipsec-encryption.xml.i | 2 +-
interface-definitions/include/vpn-ipsec-hash.xml.i | 2 +-
interface-definitions/interfaces-bonding.xml.in | 6 ++--
interface-definitions/interfaces-bridge.xml.in | 10 +++----
interface-definitions/interfaces-ethernet.xml.in | 4 +--
interface-definitions/interfaces-l2tpv3.xml.in | 6 ++--
interface-definitions/interfaces-macsec.xml.in | 4 +--
interface-definitions/interfaces-openvpn.xml.in | 22 +++++++--------
interface-definitions/interfaces-pppoe.xml.in | 2 +-
interface-definitions/interfaces-tunnel.xml.in | 4 +--
interface-definitions/interfaces-wireless.xml.in | 10 +++----
interface-definitions/protocols-rpki.xml.in | 2 +-
.../service_console-server.xml.in | 6 ++--
.../service_monitoring_telegraf.xml.in | 6 ++--
interface-definitions/service_router-advert.xml.in | 14 +++++-----
interface-definitions/service_webproxy.xml.in | 26 ++++++++++--------
interface-definitions/snmp.xml.in | 6 ++--
interface-definitions/ssh.xml.in | 2 +-
interface-definitions/system-ip.xml.in | 2 +-
interface-definitions/system-login.xml.in | 4 +--
interface-definitions/system-logs.xml.in | 8 +++---
interface-definitions/vpn_ipsec.xml.in | 32 +++++++++++-----------
interface-definitions/vpn_l2tp.xml.in | 10 +++----
interface-definitions/vpn_openconnect.xml.in | 12 ++++----
interface-definitions/zone-policy.xml.in | 6 ++--
scripts/build-command-templates | 17 +++++++++---
57 files changed, 197 insertions(+), 183 deletions(-)
diff --git a/interface-definitions/containers.xml.in b/interface-definitions/containers.xml.in
index 07686b16e..9cd2b0902 100644
--- a/interface-definitions/containers.xml.in
+++ b/interface-definitions/containers.xml.in
@@ -111,7 +111,7 @@
- Constrain the memory available to a container (default: 512MB)
+ Constrain the memory available to a container
u32:0
Unlimited
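Review bot: Removing `(default: 512MB)` from the memory help also removes the only mention of the unit in this hunk, and a generated default would presumably be rendered as a bare number. If the value is interpreted as megabytes, as the removed text suggests, keep that in the help string, e.g. `Constrain the memory available to a container (in MB)`. The value help for the non-zero range is outside this hunk, so it may already state the unit.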
@@ -212,7 +212,7 @@
on-failure
- Restart containers when they exit with a non-zero exit code, retrying indefinitely (default)
+ Restart containers when they exit with a non-zero exit code, retrying indefinitely
always
@@ -283,7 +283,7 @@
- Add registry (default docker.io)
+ Add registry
docker.io
diff --git a/interface-definitions/dhcp-relay.xml.in b/interface-definitions/dhcp-relay.xml.in
index 483e776a7..a5643add6 100644
--- a/interface-definitions/dhcp-relay.xml.in
+++ b/interface-definitions/dhcp-relay.xml.in
@@ -20,7 +20,7 @@
Policy to discard packets that have reached specified hop-count
u32:1-255
- Hop count (default: 10)
+ Hop count
@@ -34,7 +34,7 @@
Maximum packet size to send to a DHCPv4/BOOTP server
u32:64-1400
- Maximum packet size (default: 576)
+ Maximum packet size
@@ -44,7 +44,7 @@
- Policy to handle incoming DHCPv4 packets which already contain relay agent options (default: forward)
+ Policy to handle incoming DHCPv4 packets which already contain relay agent options
append replace forward discard
diff --git a/interface-definitions/dhcp-server.xml.in b/interface-definitions/dhcp-server.xml.in
index d1ed579e9..312dcd2a0 100644
--- a/interface-definitions/dhcp-server.xml.in
+++ b/interface-definitions/dhcp-server.xml.in
@@ -198,7 +198,7 @@
- Lease timeout in seconds (default: 86400)
+ Lease timeout in seconds
u32
DHCP lease time in seconds
diff --git a/interface-definitions/dhcpv6-relay.xml.in b/interface-definitions/dhcpv6-relay.xml.in
index 7162cf353..5abcbe804 100644
--- a/interface-definitions/dhcpv6-relay.xml.in
+++ b/interface-definitions/dhcpv6-relay.xml.in
@@ -36,7 +36,7 @@
Maximum hop count for which requests will be processed
u32:1-255
- Hop count (default: 10)
+ Hop count
diff --git a/interface-definitions/dns-domain-name.xml.in b/interface-definitions/dns-domain-name.xml.in
index 005a55ab3..7ae537d00 100644
--- a/interface-definitions/dns-domain-name.xml.in
+++ b/interface-definitions/dns-domain-name.xml.in
@@ -29,6 +29,7 @@
+
System host name (default: vyos)
diff --git a/interface-definitions/dns-forwarding.xml.in b/interface-definitions/dns-forwarding.xml.in
index 4faf604ad..a2e809da8 100644
--- a/interface-definitions/dns-forwarding.xml.in
+++ b/interface-definitions/dns-forwarding.xml.in
@@ -16,7 +16,7 @@
- DNS forwarding cache size (default: 10000)
+ DNS forwarding cache size
u32:0-2147483647
DNS forwarding cache size
@@ -38,7 +38,7 @@
- DNSSEC mode (default: process-no-validate)
+ DNSSEC mode
off process-no-validate process log-fail validate
@@ -587,7 +587,7 @@
#include
- Maximum amount of time negative entries are cached (default: 3600)
+ Maximum amount of time negative entries are cached
u32:0-7200
Seconds to cache NXDOMAIN entries
diff --git a/interface-definitions/flow-accounting-conf.xml.in b/interface-definitions/flow-accounting-conf.xml.in
index 1b57d706c..05cf5e170 100644
--- a/interface-definitions/flow-accounting-conf.xml.in
+++ b/interface-definitions/flow-accounting-conf.xml.in
@@ -14,7 +14,7 @@
Buffer size
u32
- Buffer size in MiB (default: 10)
+ Buffer size in MiB
@@ -27,7 +27,7 @@
Specifies the maximum number of bytes to capture for each packet
u32:128-750
- Packet length in bytes (default: 128)
+ Packet length in bytes
@@ -209,7 +209,7 @@
9
- NetFlow version 9 (default)
+ NetFlow version 9
10
@@ -240,7 +240,7 @@
NetFlow port number
u32:1025-65535
- NetFlow port number (default: 2055)
+ NetFlow port number
@@ -260,7 +260,7 @@
Expiry scan interval
u32:0-2147483647
- Expiry scan interval (default: 60)
+ Expiry scan interval
@@ -273,7 +273,7 @@
Generic flow timeout value
u32:0-2147483647
- Generic flow timeout in seconds (default: 3600)
+ Generic flow timeout in seconds
@@ -286,7 +286,7 @@
ICMP timeout value
u32:0-2147483647
- ICMP timeout in seconds (default: 300)
+ ICMP timeout in seconds
@@ -299,7 +299,7 @@
Max active timeout value
u32:0-2147483647
- Max active timeout in seconds (default: 604800)
+ Max active timeout in seconds
@@ -312,7 +312,7 @@
TCP finish timeout value
u32:0-2147483647
- TCP FIN timeout in seconds (default: 300)
+ TCP FIN timeout in seconds
@@ -325,7 +325,7 @@
TCP generic timeout value
u32:0-2147483647
- TCP generic timeout in seconds (default: 3600)
+ TCP generic timeout in seconds
@@ -338,7 +338,7 @@
TCP reset timeout value
u32:0-2147483647
- TCP RST timeout in seconds (default: 120)
+ TCP RST timeout in seconds
@@ -351,7 +351,7 @@
UDP timeout value
u32:0-2147483647
- UDP timeout in seconds (default: 300)
+ UDP timeout in seconds
@@ -418,7 +418,7 @@
sFlow port number
u32:1025-65535
- sFlow port number (default: 6343)
+ sFlow port number
diff --git a/interface-definitions/high-availability.xml.in b/interface-definitions/high-availability.xml.in
index ee1d70484..662052e12 100644
--- a/interface-definitions/high-availability.xml.in
+++ b/interface-definitions/high-availability.xml.in
@@ -22,7 +22,7 @@
Advertise interval
u32:1-255
- Advertise interval in seconds (default: 1)
+ Advertise interval in seconds
@@ -79,7 +79,7 @@
- Health check failure count required for transition to fault (default: 3)
+ Health check failure count required for transition to fault
@@ -88,7 +88,7 @@
- Health check execution interval in seconds (default: 60)
+ Health check execution interval in seconds
@@ -160,7 +160,7 @@
- Router priority (default: 100)
+ Router priority
u32:1-255
Router priority
@@ -333,7 +333,7 @@
Interval between health-checks (in seconds)
u32:1-600
- Interval in seconds (default: 10)
+ Interval in seconds
@@ -343,7 +343,7 @@
- Forwarding method (default: NAT)
+ Forwarding method
direct nat tunnel
@@ -371,7 +371,7 @@
Timeout for persistent connections
u32:1-86400
- Timeout for persistent connections (default: 300)
+ Timeout for persistent connections
@@ -381,7 +381,7 @@
- Protocol for port checks (default: TCP)
+ Protocol for port checks
tcp udp
diff --git a/interface-definitions/igmp-proxy.xml.in b/interface-definitions/igmp-proxy.xml.in
index 91c912d8b..c7ab60929 100644
--- a/interface-definitions/igmp-proxy.xml.in
+++ b/interface-definitions/igmp-proxy.xml.in
@@ -39,7 +39,7 @@
- IGMP interface role (default: downstream)
+ IGMP interface role
upstream downstream disabled
@@ -49,7 +49,7 @@
downstream
- Downstream interface(s) (default)
+ Downstream interface(s)
disabled
@@ -63,10 +63,10 @@
- TTL threshold (default: 1)
+ TTL threshold
u32:1-255
- TTL threshold for the interfaces (default: 1)
+ TTL threshold for the interfaces
diff --git a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
index a692f2335..01cf0e040 100644
--- a/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
+++ b/interface-definitions/include/accel-ppp/client-ipv6-pool.xml.i
@@ -21,7 +21,7 @@
Prefix length used for individual client
u32:48-128
- Client prefix length (default: 64)
+ Client prefix length
diff --git a/interface-definitions/include/accel-ppp/radius-additions.xml.i b/interface-definitions/include/accel-ppp/radius-additions.xml.i
index 258ece2b5..441c9dda5 100644
--- a/interface-definitions/include/accel-ppp/radius-additions.xml.i
+++ b/interface-definitions/include/accel-ppp/radius-additions.xml.i
@@ -21,7 +21,7 @@
Accounting port
u32:1-65535
- Numeric IP port (default: 1813)
+ Numeric IP port
@@ -62,7 +62,7 @@
- Timeout for Interim-Update packets, terminate session afterwards (default 3 seconds)
+ Timeout for Interim-Update packets, terminate session afterwards
u32:0-60
Timeout in seconds, 0 to keep active
@@ -126,7 +126,7 @@
- Port for Dynamic Authorization Extension server (DM/CoA) (default: 1700)
+ Port for Dynamic Authorization Extension server (DM/CoA)
u32:1-65535
TCP port
diff --git a/interface-definitions/include/bfd/common.xml.i b/interface-definitions/include/bfd/common.xml.i
index e52221441..126ab9b9a 100644
--- a/interface-definitions/include/bfd/common.xml.i
+++ b/interface-definitions/include/bfd/common.xml.i
@@ -15,7 +15,7 @@
Minimum interval of receiving control packets
u32:10-60000
- Interval in milliseconds (default: 300)
+ Interval in milliseconds
@@ -28,7 +28,7 @@
Minimum interval of transmitting control packets
u32:10-60000
- Interval in milliseconds (default: 300)
+ Interval in milliseconds
@@ -41,7 +41,7 @@
Multiplier to determine packet loss
u32:2-255
- Remote transmission interval will be multiplied by this value (default: 3)
+ Remote transmission interval will be multiplied by this value
diff --git a/interface-definitions/include/bgp/protocol-common-config.xml.i b/interface-definitions/include/bgp/protocol-common-config.xml.i
index 8214d0779..38337b032 100644
--- a/interface-definitions/include/bgp/protocol-common-config.xml.i
+++ b/interface-definitions/include/bgp/protocol-common-config.xml.i
@@ -1191,7 +1191,7 @@
Set period to rescan BGP table to check if condition is met
u32:5-240
- Period to rerun the conditional advertisement scanner process (default: 60)
+ Period to rerun the conditional advertisement scanner process
diff --git a/interface-definitions/include/bgp/timers-keepalive.xml.i b/interface-definitions/include/bgp/timers-keepalive.xml.i
index b2771e326..b23f96ec8 100644
--- a/interface-definitions/include/bgp/timers-keepalive.xml.i
+++ b/interface-definitions/include/bgp/timers-keepalive.xml.i
@@ -4,7 +4,7 @@
BGP keepalive interval for this neighbor
u32:1-65535
- Keepalive interval in seconds (default 60)
+ Keepalive interval in seconds
diff --git a/interface-definitions/include/firewall/name-default-action.xml.i b/interface-definitions/include/firewall/name-default-action.xml.i
index 1b61b076f..8470a29a9 100644
--- a/interface-definitions/include/firewall/name-default-action.xml.i
+++ b/interface-definitions/include/firewall/name-default-action.xml.i
@@ -7,7 +7,7 @@
drop
- Drop if no prior rules are hit (default)
+ Drop if no prior rules are hit
reject
diff --git a/interface-definitions/include/interface/arp-cache-timeout.xml.i b/interface-definitions/include/interface/arp-cache-timeout.xml.i
index cb01d0525..06d7ffe96 100644
--- a/interface-definitions/include/interface/arp-cache-timeout.xml.i
+++ b/interface-definitions/include/interface/arp-cache-timeout.xml.i
@@ -4,7 +4,7 @@
ARP cache entry timeout in seconds
u32:1-86400
- ARP cache entry timout in seconds (default 30)
+ ARP cache entry timout in seconds
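Review bot: The rewritten help line still carries the typo `timout`; since the line is being replaced anyway it should read `ARP cache entry timeout in seconds`. The same applies to `Garbage colletion time` in the first hunk of include/rip/rip-timers.xml.i (`collection`) and to `Enable chalenge-response` in the last hunk of interfaces-openvpn.xml.in (`challenge-response`). These strings are shown to operators in CLI completion, so the commit is a cheap place to correct them.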
diff --git a/interface-definitions/include/interface/dhcp-options.xml.i b/interface-definitions/include/interface/dhcp-options.xml.i
index f62b06640..098d02919 100644
--- a/interface-definitions/include/interface/dhcp-options.xml.i
+++ b/interface-definitions/include/interface/dhcp-options.xml.i
@@ -30,7 +30,7 @@
Distance for the default route from DHCP server
u32:1-255
- Distance for the default route from DHCP server (default: 210)
+ Distance for the default route from DHCP server
diff --git a/interface-definitions/include/interface/dhcpv6-options.xml.i b/interface-definitions/include/interface/dhcpv6-options.xml.i
index d1abf4a90..08e4f5e0a 100644
--- a/interface-definitions/include/interface/dhcpv6-options.xml.i
+++ b/interface-definitions/include/interface/dhcpv6-options.xml.i
@@ -57,10 +57,10 @@
- Local interface address assigned to interface
+ Local interface address assigned to interface (default: EUI-64)
>0
- Used to form IPv6 interface address (default: EUI-64)
+ Used to form IPv6 interface address
diff --git a/interface-definitions/include/nat-translation-options.xml.i b/interface-definitions/include/nat-translation-options.xml.i
index df2f76397..f1539757b 100644
--- a/interface-definitions/include/nat-translation-options.xml.i
+++ b/interface-definitions/include/nat-translation-options.xml.i
@@ -16,7 +16,7 @@
random
- Random source or destination address allocation for each connection (default)
+ Random source or destination address allocation for each connection
^(persistent|random)$
@@ -39,7 +39,7 @@
none
- Do not apply port randomization (default)
+ Do not apply port randomization
^(random|fully-random|none)$
diff --git a/interface-definitions/include/ospf/auto-cost.xml.i b/interface-definitions/include/ospf/auto-cost.xml.i
index 3e6cc8232..da6483a00 100644
--- a/interface-definitions/include/ospf/auto-cost.xml.i
+++ b/interface-definitions/include/ospf/auto-cost.xml.i
@@ -6,7 +6,7 @@
- Reference bandwidth method to assign cost (default: 100)
+ Reference bandwidth method to assign cost
u32:1-4294967
Reference bandwidth cost in Mbits/sec
diff --git a/interface-definitions/include/ospf/interface-common.xml.i b/interface-definitions/include/ospf/interface-common.xml.i
index 738651594..9c8b94f0b 100644
--- a/interface-definitions/include/ospf/interface-common.xml.i
+++ b/interface-definitions/include/ospf/interface-common.xml.i
@@ -20,7 +20,7 @@
- Router priority (default: 1)
+ Router priority
u32:0-255
OSPF router priority cost
diff --git a/interface-definitions/include/ospf/intervals.xml.i b/interface-definitions/include/ospf/intervals.xml.i
index fad1a6305..9f6e5df69 100644
--- a/interface-definitions/include/ospf/intervals.xml.i
+++ b/interface-definitions/include/ospf/intervals.xml.i
@@ -1,7 +1,7 @@
- Interval after which a neighbor is declared dead (default: 40)
+ Interval after which a neighbor is declared dead
u32:1-65535
Neighbor dead interval (seconds)
@@ -14,7 +14,7 @@
- Interval between hello packets (default: 10)
+ Interval between hello packets
u32:1-65535
Hello interval (seconds)
@@ -27,7 +27,7 @@
- Interval between retransmitting lost link state advertisements (default: 5)
+ Interval between retransmitting lost link state advertisements
u32:1-65535
Retransmit interval (seconds)
@@ -40,7 +40,7 @@
- Link state transmit delay (default: 1)
+ Link state transmit delay
u32:1-65535
Link state transmit delay (seconds)
diff --git a/interface-definitions/include/ospf/metric-type.xml.i b/interface-definitions/include/ospf/metric-type.xml.i
index ef9fd8ac0..de55c7645 100644
--- a/interface-definitions/include/ospf/metric-type.xml.i
+++ b/interface-definitions/include/ospf/metric-type.xml.i
@@ -1,7 +1,7 @@
- OSPF metric type for default routes (default: 2)
+ OSPF metric type for default routes
u32:1-2
Set OSPF External Type 1/2 metrics
diff --git a/interface-definitions/include/ospf/protocol-common-config.xml.i b/interface-definitions/include/ospf/protocol-common-config.xml.i
index e783f4bec..088bee2de 100644
--- a/interface-definitions/include/ospf/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospf/protocol-common-config.xml.i
@@ -106,7 +106,7 @@
- Configure NSSA-ABR (default: candidate)
+ Configure NSSA-ABR
always candidate never
@@ -116,7 +116,7 @@
candidate
- Translate for election (default)
+ Translate for election
never
@@ -502,7 +502,7 @@
- Dead neighbor polling interval (default: 60)
+ Dead neighbor polling interval
u32:1-65535
Seconds between dead neighbor polling interval
@@ -515,7 +515,7 @@
- Neighbor priority in seconds (default: 0)
+ Neighbor priority in seconds
u32:0-255
Neighbor priority
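Review bot: The new help `Neighbor priority in seconds` keeps a unit that does not fit the node, as the value help directly below describes a plain priority in the range 0-255. With the default suffix gone this is the whole help text, so it should simply read `Neighbor priority`.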
@@ -535,13 +535,13 @@
- OSPF ABR type (default: cisco)
+ OSPF ABR type
cisco ibm shortcut standard
cisco
- Cisco ABR type (default)
+ Cisco ABR type
ibm
@@ -712,7 +712,7 @@
- Delay from the first change received to SPF calculation (default: 200)
+ Delay from the first change received to SPF calculation
u32:0-600000
Delay in milliseconds
@@ -725,7 +725,7 @@
- Initial hold time between consecutive SPF calculations (default: 1000)
+ Initial hold time between consecutive SPF calculations
u32:0-600000
Initial hold time in milliseconds
@@ -738,7 +738,7 @@
- Maximum hold time (default: 10000)
+ Maximum hold time
u32:0-600000
Max hold time in milliseconds
diff --git a/interface-definitions/include/ospfv3/protocol-common-config.xml.i b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
index 5d08debda..792c873c8 100644
--- a/interface-definitions/include/ospfv3/protocol-common-config.xml.i
+++ b/interface-definitions/include/ospfv3/protocol-common-config.xml.i
@@ -158,7 +158,7 @@
- Instance Id (default: 0)
+ Instance ID
u32:0-255
Instance Id
diff --git a/interface-definitions/include/radius-server-port.xml.i b/interface-definitions/include/radius-server-port.xml.i
index 4e5d906bc..c6b691a0f 100644
--- a/interface-definitions/include/radius-server-port.xml.i
+++ b/interface-definitions/include/radius-server-port.xml.i
@@ -4,7 +4,7 @@
Authentication port
u32:1-65535
- Numeric IP port (default: 1812)
+ Numeric IP port
diff --git a/interface-definitions/include/rip/rip-timers.xml.i b/interface-definitions/include/rip/rip-timers.xml.i
index 3aaaf8e65..129d9ed23 100644
--- a/interface-definitions/include/rip/rip-timers.xml.i
+++ b/interface-definitions/include/rip/rip-timers.xml.i
@@ -9,7 +9,7 @@
Garbage collection timer
u32:5-2147483647
- Garbage colletion time (default 120)
+ Garbage colletion time
@@ -22,7 +22,7 @@
Routing information timeout timer
u32:5-2147483647
- Routing information timeout timer (default 180)
+ Routing information timeout timer
@@ -35,7 +35,7 @@
Routing table update timer
u32:5-2147483647
- Routing table update timer in seconds (default 30)
+ Routing table update timer in seconds
diff --git a/interface-definitions/include/snmp/access-mode.xml.i b/interface-definitions/include/snmp/access-mode.xml.i
index 1fce2364e..71c766774 100644
--- a/interface-definitions/include/snmp/access-mode.xml.i
+++ b/interface-definitions/include/snmp/access-mode.xml.i
@@ -7,7 +7,7 @@
ro
- Read-Only (default)
+ Read-Only
rw
diff --git a/interface-definitions/include/snmp/authentication-type.xml.i b/interface-definitions/include/snmp/authentication-type.xml.i
index 2a545864a..ca0bb10a6 100644
--- a/interface-definitions/include/snmp/authentication-type.xml.i
+++ b/interface-definitions/include/snmp/authentication-type.xml.i
@@ -7,7 +7,7 @@
md5
- Message Digest 5 (default)
+ Message Digest 5
sha
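Review bot: Dropping `(default)` from the `md5` value help removes the only marker in this hunk that a weak algorithm is what an unset node falls back to. The same holds for `des` in include/snmp/privacy-type.xml.i and `sha1` in include/vpn-ipsec-hash.xml.i. The generator change in scripts/build-command-templates is not part of this view, and the commit message says subsystems not yet using the defaults() call get no generated default. Please confirm that the rendered node help for these three nodes ends with the default, for example `(default: md5)`, and keep the explicit marker wherever it does not. An operator auditing SNMPv3 or IPsec settings needs to see from the CLI that leaving the node unset selects MD5, DES or SHA1.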
diff --git a/interface-definitions/include/snmp/privacy-type.xml.i b/interface-definitions/include/snmp/privacy-type.xml.i
index 47a1e632e..94029a6c6 100644
--- a/interface-definitions/include/snmp/privacy-type.xml.i
+++ b/interface-definitions/include/snmp/privacy-type.xml.i
@@ -7,7 +7,7 @@
des
- Data Encryption Standard (default)
+ Data Encryption Standard
aes
diff --git a/interface-definitions/include/snmp/protocol.xml.i b/interface-definitions/include/snmp/protocol.xml.i
index 335736724..ebdeef87e 100644
--- a/interface-definitions/include/snmp/protocol.xml.i
+++ b/interface-definitions/include/snmp/protocol.xml.i
@@ -7,7 +7,7 @@
udp
- Listen protocol UDP (default)
+ Listen protocol UDP
tcp
diff --git a/interface-definitions/include/vpn-ipsec-encryption.xml.i b/interface-definitions/include/vpn-ipsec-encryption.xml.i
index 9ef2f7c90..faa264d2f 100644
--- a/interface-definitions/include/vpn-ipsec-encryption.xml.i
+++ b/interface-definitions/include/vpn-ipsec-encryption.xml.i
@@ -11,7 +11,7 @@
aes128
- 128 bit AES-CBC (default)
+ 128 bit AES-CBC
aes192
diff --git a/interface-definitions/include/vpn-ipsec-hash.xml.i b/interface-definitions/include/vpn-ipsec-hash.xml.i
index 5a06b290e..b3ef4fb7a 100644
--- a/interface-definitions/include/vpn-ipsec-hash.xml.i
+++ b/interface-definitions/include/vpn-ipsec-hash.xml.i
@@ -15,7 +15,7 @@
sha1
- SHA1 HMAC (default)
+ SHA1 HMAC
sha1_160
diff --git a/interface-definitions/interfaces-bonding.xml.in b/interface-definitions/interfaces-bonding.xml.in
index 723041ca5..b98f4b960 100644
--- a/interface-definitions/interfaces-bonding.xml.in
+++ b/interface-definitions/interfaces-bonding.xml.in
@@ -66,7 +66,7 @@
layer2
- use MAC addresses to generate the hash (802.3ad, default)
+ use MAC addresses to generate the hash
layer2+3
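Review bot: The replacement for the `layer2` help drops `802.3ad` together with `default`, although only the default marker is redundant with a generated default. The standards note is separate information about this hash policy and would be lost for CLI users. Suggest `use MAC addresses to generate the hash (802.3ad)`.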
@@ -115,7 +115,7 @@
slow
- Request partner to transmit LACPDUs every 30 seconds (default)
+ Request partner to transmit LACPDUs every 30 seconds
fast
@@ -135,7 +135,7 @@
802.3ad
- IEEE 802.3ad Dynamic link aggregation (Default)
+ IEEE 802.3ad Dynamic link aggregation
active-backup
diff --git a/interface-definitions/interfaces-bridge.xml.in b/interface-definitions/interfaces-bridge.xml.in
index 89a6d2303..fabfb917a 100644
--- a/interface-definitions/interfaces-bridge.xml.in
+++ b/interface-definitions/interfaces-bridge.xml.in
@@ -26,7 +26,7 @@
u32:10-1000000
- MAC address aging time in seconds (default: 300)
+ MAC address aging time in seconds
@@ -48,7 +48,7 @@
Forwarding delay
u32:0-200
- Spanning Tree Protocol forwarding delay in seconds (default 15)
+ Spanning Tree Protocol forwarding delay in seconds
@@ -62,7 +62,7 @@
Hello packet advertisement interval
u32:1-10
- Spanning Tree Protocol hello advertisement interval in seconds (default 2)
+ Spanning Tree Protocol hello advertisement interval in seconds
@@ -99,7 +99,7 @@
Interval at which neighbor bridges are removed
u32:1-40
- Bridge maximum aging time in seconds (default 20)
+ Bridge maximum aging time in seconds
@@ -195,7 +195,7 @@
Priority for this bridge
u32:0-65535
- Bridge priority (default 32768)
+ Bridge priority
diff --git a/interface-definitions/interfaces-ethernet.xml.in b/interface-definitions/interfaces-ethernet.xml.in
index 9e113cb71..be7bddfa4 100644
--- a/interface-definitions/interfaces-ethernet.xml.in
+++ b/interface-definitions/interfaces-ethernet.xml.in
@@ -41,7 +41,7 @@
auto
- Auto negotiation (default)
+ Auto negotiation
half
@@ -110,7 +110,7 @@
- Link speed (default: auto)
+ Link speed
auto 10 100 1000 2500 5000 10000 25000 40000 50000 100000
diff --git a/interface-definitions/interfaces-l2tpv3.xml.in b/interface-definitions/interfaces-l2tpv3.xml.in
index 85d4ab992..ba9bcb0a2 100644
--- a/interface-definitions/interfaces-l2tpv3.xml.in
+++ b/interface-definitions/interfaces-l2tpv3.xml.in
@@ -20,7 +20,7 @@
#include
- UDP destination port for L2TPv3 tunnel (default: 5000)
+ UDP destination port for L2TPv3 tunnel
u32:1-65535
Numeric IP port
@@ -36,7 +36,7 @@
#include
- Encapsulation type (default: UDP)
+ Encapsulation type
udp ip
@@ -102,7 +102,7 @@
- UDP source port for L2TPv3 tunnel (default: 5000)
+ UDP source port for L2TPv3 tunnel
u32:1-65535
Numeric IP port
diff --git a/interface-definitions/interfaces-macsec.xml.in b/interface-definitions/interfaces-macsec.xml.in
index 598935e51..7206e57b1 100644
--- a/interface-definitions/interfaces-macsec.xml.in
+++ b/interface-definitions/interfaces-macsec.xml.in
@@ -36,7 +36,7 @@
gcm-aes-128
- Galois/Counter Mode of AES cipher with 128-bit key (default)
+ Galois/Counter Mode of AES cipher with 128-bit key
gcm-aes-256
@@ -84,7 +84,7 @@
- Priority of MACsec Key Agreement protocol (MKA) actor (default: 255)
+ Priority of MACsec Key Agreement protocol (MKA) actor
u32:0-255
MACsec Key Agreement protocol (MKA) priority
diff --git a/interface-definitions/interfaces-openvpn.xml.in b/interface-definitions/interfaces-openvpn.xml.in
index 16d91145f..eb574eb52 100644
--- a/interface-definitions/interfaces-openvpn.xml.in
+++ b/interface-definitions/interfaces-openvpn.xml.in
@@ -38,7 +38,7 @@
#include
- OpenVPN interface device-type (default: tun)
+ OpenVPN interface device-type
tun tap
@@ -206,7 +206,7 @@
- Maximum number of keepalive packet failures (default: 60)
+ Maximum number of keepalive packet failures
u32:0-1000
Maximum number of keepalive packet failures
@@ -219,7 +219,7 @@
- Keepalive packet interval in seconds (default: 10)
+ Keepalive packet interval in seconds
u32:0-600
Keepalive packet interval (seconds)
@@ -613,13 +613,13 @@
- Topology for clients (default: net30)
+ Topology for clients
net30 point-to-point subnet
net30
- net30 topology (default)
+ net30 topology
point-to-point
@@ -647,7 +647,7 @@
- Maximum allowed clock slop in seconds (default: 180)
+ Maximum allowed clock slop in seconds
1-65535
Seconds
@@ -660,7 +660,7 @@
- Time drift in seconds (default: 0)
+ Time drift in seconds
1-65535
Seconds
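Review bot: With `(default: 0)` removed from the time-drift help, the only remaining guidance is the context value help `1-65535` / `Seconds`, which excludes the default of 0 that the old text documented. In the hunk at -686 the same `1-65535` / `Seconds` pair describes the number of TOTP digits, which is neither a duration nor sensibly as large as 65535. The constraints themselves are not visible here, so this may only be a help-text problem. Because these are authentication parameters, the value help should match what the validator accepts, for instance a range starting at 0 for drift and a digit-count description for the digits node.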
@@ -673,7 +673,7 @@
- Step value for totp in seconds (default: 30)
+ Step value for totp in seconds
1-65535
Seconds
@@ -686,7 +686,7 @@
- Number of digits to use for totp hash (default: 6)
+ Number of digits to use for totp hash
1-65535
Seconds
@@ -699,7 +699,7 @@
- Expect password as result of a challenge response protocol (default: enabled)
+ Expect password as result of a challenge response protocol
disable enable
@@ -709,7 +709,7 @@
enable
- Enable chalenge-response (default)
+ Enable chalenge-response
^(disable|enable)$
diff --git a/interface-definitions/interfaces-pppoe.xml.in b/interface-definitions/interfaces-pppoe.xml.in
index 80a890940..ed0e45840 100644
--- a/interface-definitions/interfaces-pppoe.xml.in
+++ b/interface-definitions/interfaces-pppoe.xml.in
@@ -23,7 +23,7 @@
#include
- Default route insertion behaviour (default: auto)
+ Default route insertion behaviour
auto none force
diff --git a/interface-definitions/interfaces-tunnel.xml.in b/interface-definitions/interfaces-tunnel.xml.in
index fd69fd177..eb1708aaa 100644
--- a/interface-definitions/interfaces-tunnel.xml.in
+++ b/interface-definitions/interfaces-tunnel.xml.in
@@ -241,7 +241,7 @@
u32:0-255
- Encapsulation limit (default: 4)
+ Encapsulation limit
none
@@ -261,7 +261,7 @@
Hoplimit
u32:0-255
- Hop limit (default: 64)
+ Hop limit
diff --git a/interface-definitions/interfaces-wireless.xml.in b/interface-definitions/interfaces-wireless.xml.in
index a2d1439a3..5b79ac671 100644
--- a/interface-definitions/interfaces-wireless.xml.in
+++ b/interface-definitions/interfaces-wireless.xml.in
@@ -291,7 +291,7 @@
0
- 20 or 40 MHz channel width (default)
+ 20 or 40 MHz channel width
1
@@ -431,7 +431,7 @@
- Wireless radio channel (default: 0)
+ Wireless radio channel
0
Automatic Channel Selection (ACS)
@@ -515,7 +515,7 @@
disabled
- no MFP (hostapd default)
+ no MFP
optional
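Review bot: Shortening `no MFP (hostapd default)` to `no MFP` is safe only if this node has an XML default value from which the generator can render the default; that is not visible in this hunk. The removed text named hostapd's own default, not a VyOS one. If the node has no default value, the CLI will no longer tell the operator that leaving it unset means management frame protection is off. In that case keep the hint, e.g. `no MFP (hostapd default)`, or add an explicit default value of `disabled` to the node.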
@@ -546,7 +546,7 @@
g
- 802.11g - 54 Mbits/sec (default)
+ 802.11g - 54 Mbits/sec
n
@@ -564,7 +564,7 @@
- Wireless physical device (default: phy0)
+ Wireless physical device
diff --git a/interface-definitions/protocols-rpki.xml.in b/interface-definitions/protocols-rpki.xml.in
index a73d0aae4..68762ff9a 100644
--- a/interface-definitions/protocols-rpki.xml.in
+++ b/interface-definitions/protocols-rpki.xml.in
@@ -82,7 +82,7 @@
- RPKI cache polling period (default: 300)
+ RPKI cache polling period
u32:1-86400
Polling period in seconds
diff --git a/interface-definitions/service_console-server.xml.in b/interface-definitions/service_console-server.xml.in
index 28aa7ea71..549edb813 100644
--- a/interface-definitions/service_console-server.xml.in
+++ b/interface-definitions/service_console-server.xml.in
@@ -41,7 +41,7 @@
- Serial port data bits (default: 8)
+ Serial port data bits
7 8
@@ -53,7 +53,7 @@
- Serial port stop bits (default: 1)
+ Serial port stop bits
1 2
@@ -65,7 +65,7 @@
- Parity setting (default: none)
+ Parity setting
even odd none
diff --git a/interface-definitions/service_monitoring_telegraf.xml.in b/interface-definitions/service_monitoring_telegraf.xml.in
index 0db9052ff..f0a94d6a9 100644
--- a/interface-definitions/service_monitoring_telegraf.xml.in
+++ b/interface-definitions/service_monitoring_telegraf.xml.in
@@ -44,19 +44,19 @@
- Remote bucket, by default (main)
+ Remote bucket
main
- Source parameters for monitoring (default: all)
+ Source parameters for monitoring
all hardware-utilization logs network system telegraf
all
- All parameters (default)
+ All parameters
hardware-utilization
diff --git a/interface-definitions/service_router-advert.xml.in b/interface-definitions/service_router-advert.xml.in
index 0f4009f5c..ce1da85aa 100644
--- a/interface-definitions/service_router-advert.xml.in
+++ b/interface-definitions/service_router-advert.xml.in
@@ -18,7 +18,7 @@
- Set Hop Count field of the IP header for outgoing packets (default: 64)
+ Set Hop Count field of the IP header for outgoing packets
u32:0
Unspecified (by this router)
@@ -63,7 +63,7 @@
medium
- Default router has medium preference (default)
+ Default router has medium preference
high
@@ -108,7 +108,7 @@
- Maximum interval between unsolicited multicast RAs (default: 600)
+ Maximum interval between unsolicited multicast RAs
u32:4-1800
Maximum interval in seconds
@@ -156,7 +156,7 @@
- Time in seconds that the route will remain valid (default: 1800 seconds)
+ Time in seconds that the route will remain valid
infinity
@@ -187,7 +187,7 @@
medium
- Route has medium preference (default)
+ Route has medium preference
high
@@ -234,7 +234,7 @@
- Time in seconds that the prefix will remain preferred (default 4 hours)
+ Time in seconds that the prefix will remain preferred
infinity
@@ -255,7 +255,7 @@
- Time in seconds that the prefix will remain valid (default: 30 days)
+ Time in seconds that the prefix will remain valid
infinity
diff --git a/interface-definitions/service_webproxy.xml.in b/interface-definitions/service_webproxy.xml.in
index 03f504ac7..92e5ca37b 100644
--- a/interface-definitions/service_webproxy.xml.in
+++ b/interface-definitions/service_webproxy.xml.in
@@ -28,7 +28,7 @@
- Number of authentication helper processes (default: 5)
+ Number of authentication helper processes
n
Number of authentication helper processes
@@ -41,7 +41,7 @@
- Authenticated session time to live in minutes (default: 60)
+ Authenticated session time to live in minutes
n
Authenticated session timeout
@@ -105,7 +105,7 @@
- LDAP protocol version (default: 3)
+ LDAP protocol version
2 3
@@ -177,7 +177,7 @@
- Default Proxy Port (default: 3128)
+ Default Proxy Port
u32:1025-65535
Default port number
@@ -190,7 +190,11 @@
- Cache peer ICP port (default: disabled)
+ Cache peer ICP port
+
+ u32:0
+ Cache peer disabled
+
u32:1-65535
Cache peer ICP port
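Review bot: The added value help advertises `u32:0` ("Cache peer disabled") next to the existing `u32:1-65535` entry, but the node's constraint is not part of this hunk. If the validator outside the hunk still accepts only 1-65535, the CLI would offer 0 in the help and then reject it on commit. The range should be widened to 0-65535 in the same change, or confirmed to already allow it.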
@@ -203,7 +207,7 @@
- Cache peer options (default: "no-query default")
+ Cache peer options
txt
Cache peer options
@@ -239,7 +243,7 @@
- Disk cache size in MB (default: 100)
+ Disk cache size in MB
u32
Disk cache size in MB
@@ -253,7 +257,7 @@
- Default Proxy Port (default: 3128)
+ Default Proxy Port
u32:1025-65535
Default port number
@@ -296,7 +300,7 @@
- Default Proxy Port (default: 3128)
+ Default Proxy Port
u32:1025-65535
Default port number
@@ -399,7 +403,7 @@
- Hour of day for database update [REQUIRED]
+ Hour of day for database update
u32:0-23
Hour for database update
@@ -414,7 +418,7 @@
- Redirect URL for filtered websites (default: block.vyos.net)
+ Redirect URL for filtered websites
url
URL for redirect
diff --git a/interface-definitions/snmp.xml.in b/interface-definitions/snmp.xml.in
index 67d3aef9a..b9e0f4cc5 100644
--- a/interface-definitions/snmp.xml.in
+++ b/interface-definitions/snmp.xml.in
@@ -26,7 +26,7 @@
ro
- Read-Only (default)
+ Read-Only
rw
@@ -226,7 +226,7 @@
auth
- Messages are authenticated but not encrypted (authNoPriv, default)
+ Messages are authenticated but not encrypted (authNoPriv)
priv
@@ -329,7 +329,7 @@
inform trap
- inform (default)
+ inform
Use INFORM
diff --git a/interface-definitions/ssh.xml.in b/interface-definitions/ssh.xml.in
index e3b9d16e1..187e5f8e8 100644
--- a/interface-definitions/ssh.xml.in
+++ b/interface-definitions/ssh.xml.in
@@ -105,7 +105,7 @@
^(quiet|fatal|error|info|verbose)$
- INFO
+ info
diff --git a/interface-definitions/system-ip.xml.in b/interface-definitions/system-ip.xml.in
index 86fbe5701..1fa63d517 100644
--- a/interface-definitions/system-ip.xml.in
+++ b/interface-definitions/system-ip.xml.in
@@ -15,7 +15,7 @@
- Maximum number of entries to keep in the ARP cache (default: 8192)
+ Maximum number of entries to keep in the ARP cache
1024 2048 4096 8192 16384 32768
diff --git a/interface-definitions/system-login.xml.in b/interface-definitions/system-login.xml.in
index 4bfe82268..a5519ee88 100644
--- a/interface-definitions/system-login.xml.in
+++ b/interface-definitions/system-login.xml.in
@@ -124,7 +124,7 @@
Session timeout
u32:1-30
- Session timeout in seconds (default: 2)
+ Session timeout in seconds
@@ -138,7 +138,7 @@
Server priority
u32:1-255
- Server priority (default: 255)
+ Server priority
diff --git a/interface-definitions/system-logs.xml.in b/interface-definitions/system-logs.xml.in
index 8b6c7c399..1caa7abb6 100644
--- a/interface-definitions/system-logs.xml.in
+++ b/interface-definitions/system-logs.xml.in
@@ -23,7 +23,7 @@
Size of a single log file that triggers rotation
u32:1-1024
- Size in MB (default: 10)
+ Size in MB
@@ -37,7 +37,7 @@
Count of rotations before old logs will be deleted
u32:1-100
- Rotations (default: 10)
+ Rotations
@@ -58,7 +58,7 @@
Size of a single log file that triggers rotation
u32:1-1024
- Size in MB (default: 1)
+ Size in MB
@@ -72,7 +72,7 @@
Count of rotations before old logs will be deleted
u32:1-100
- Rotations (default: 10)
+ Rotations
diff --git a/interface-definitions/vpn_ipsec.xml.in b/interface-definitions/vpn_ipsec.xml.in
index dae76218f..147bb99ba 100644
--- a/interface-definitions/vpn_ipsec.xml.in
+++ b/interface-definitions/vpn_ipsec.xml.in
@@ -30,7 +30,7 @@
disable
- Disable ESP compression (default)
+ Disable ESP compression
enable
@@ -47,7 +47,7 @@
ESP lifetime
u32:30-86400
- ESP lifetime in seconds (default: 3600)
+ ESP lifetime in seconds
@@ -87,7 +87,7 @@
tunnel
- Tunnel mode (default)
+ Tunnel mode
transport
@@ -107,7 +107,7 @@
enable
- Inherit Diffie-Hellman group from the IKE group (default)
+ Inherit Diffie-Hellman group from the IKE group
dh-group1
@@ -235,7 +235,7 @@
none
- Do nothing (default)
+ Do nothing
hold
@@ -267,7 +267,7 @@
hold
- Attempt to re-negotiate the connection when matching traffic is seen (default)
+ Attempt to re-negotiate the connection when matching traffic is seen
clear
@@ -287,7 +287,7 @@
Keep-alive interval
u32:2-86400
- Keep-alive interval in seconds (default: 30)
+ Keep-alive interval in seconds
@@ -299,7 +299,7 @@
Dead Peer Detection keep-alive timeout (IKEv1 only)
u32:2-86400
- Keep-alive timeout in seconds (default 120)
+ Keep-alive timeout in seconds
@@ -310,7 +310,7 @@
- Re-authentication of the remote peer during an IKE re-key. IKEv2 option only
+ Re-authentication of the remote peer during an IKE re-key - IKEv2 only
yes no
@@ -320,7 +320,7 @@
no
- Disable remote host re-authenticaton during an IKE rekey. (default)
+ Disable remote host re-authenticaton during an IKE rekey
^(yes|no)$
@@ -351,7 +351,7 @@
IKE lifetime
u32:30-86400
- IKE lifetime in seconds (default: 28800)
+ IKE lifetime in seconds
@@ -367,7 +367,7 @@
enable
- Enable MOBIKE (default for IKEv2)
+ Enable MOBIKE
disable
@@ -386,7 +386,7 @@
main
- Use the main mode (recommended, default)
+ Use the main mode (recommended)
aggressive
@@ -533,7 +533,7 @@
strongSwan logging Level
0
- Very basic auditing logs e.g. SA up/SA down (default)
+ Very basic auditing logs e.g. SA up/SA down
1
@@ -791,7 +791,7 @@
u32:1-86400
- Timeout in seconds (default: 28800)
+ Timeout in seconds
@@ -1067,7 +1067,7 @@
inherit
- Inherit the reauth configuration form your IKE-group (default)
+ Inherit the reauth configuration form your IKE-group
^(yes|no|inherit)$
diff --git a/interface-definitions/vpn_l2tp.xml.in b/interface-definitions/vpn_l2tp.xml.in
index 6a88756a7..9ca7b1fad 100644
--- a/interface-definitions/vpn_l2tp.xml.in
+++ b/interface-definitions/vpn_l2tp.xml.in
@@ -88,7 +88,7 @@
IKE lifetime
u32:30-86400
- IKE lifetime in seconds (default 3600)
+ IKE lifetime in seconds
@@ -101,7 +101,7 @@
ESP lifetime
u32:30-86400
- IKE lifetime in seconds (default 3600)
+ IKE lifetime in seconds
@@ -135,7 +135,7 @@
PPP idle timeout
u32:30-86400
- PPP idle timeout in seconds (default 1800)
+ PPP idle timeout in seconds
@@ -206,7 +206,7 @@
- Timeout to wait reply for Interim-Update packets. (default 3 seconds)
+ Timeout to wait reply for Interim-Update packets
@@ -244,7 +244,7 @@
- Specifies which radius attribute contains rate information. (default is Filter-Id)
+ Specifies which radius attribute contains rate information
diff --git a/interface-definitions/vpn_openconnect.xml.in b/interface-definitions/vpn_openconnect.xml.in
index 0db5e79d0..3fc34bacc 100644
--- a/interface-definitions/vpn_openconnect.xml.in
+++ b/interface-definitions/vpn_openconnect.xml.in
@@ -41,7 +41,7 @@
Session timeout
u32:1-30
- Session timeout in seconds (default: 2)
+ Session timeout in seconds
@@ -61,10 +61,10 @@
- tcp port number to accept connections (default: 443)
+ tcp port number to accept connections
u32:1-65535
- Numeric IP port (default: 443)
+ Numeric IP port
@@ -74,10 +74,10 @@
- udp port number to accept connections (default: 443)
+ udp port number to accept connections
u32:1-65535
- Numeric IP port (default: 443)
+ Numeric IP port
@@ -160,7 +160,7 @@
Prefix length used for individual client
u32:48-128
- Client prefix length (default: 64)
+ Client prefix length
diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in
index 69ee031c7..b898c3ecd 100644
--- a/interface-definitions/zone-policy.xml.in
+++ b/interface-definitions/zone-policy.xml.in
@@ -27,7 +27,7 @@
drop
- Drop silently (default)
+ Drop silently
reject
@@ -97,7 +97,7 @@
accept
- Accept traffic (default)
+ Accept traffic
drop
@@ -138,7 +138,7 @@
Zone to be local-zone
-
+
diff --git a/scripts/build-command-templates b/scripts/build-command-templates
index d8abb0a13..876f5877c 100755
--- a/scripts/build-command-templates
+++ b/scripts/build-command-templates
@@ -117,7 +117,7 @@ def collect_validators(ve):
return regex_args + " " + validator_args
-def get_properties(p):
+def get_properties(p, default=None):
props = {}
if p is None:
@@ -125,7 +125,12 @@ def get_properties(p):
# Get the help string
try:
- props["help"] = p.find("help").text
+ help = p.find("help").text
+ if default != None:
+ # DNS forwarding for instance has multiple defaults - specified as whitespace separated list
+ tmp = ', '.join(default.text.split())
+ help += f' (default: {tmp})'
+ props["help"] = help
except:
pass
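Review bot: An empty `defaultValue` element has `default.text` set to `None`, so `default.text.split()` raises inside the `try`, the bare `except: pass` swallows it, and `props["help"]` is never assigned, which silently drops the node's help string. Guarding with `if default is not None and default.text:` keeps the plain help text in that case. It also replaces the `!= None` comparison with an identity test. The local name `help` shadows the builtin, and something like `help_text` would avoid that. The body of get_properties starts and continues outside this hunk.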
@@ -134,7 +139,11 @@ def get_properties(p):
vhe = p.findall("valueHelp")
vh = []
for v in vhe:
- vh.append( (v.find("format").text, v.find("description").text) )
+ format = v.find("format").text
+ description = v.find("description").text
+ if default != None and default.text == format:
+ description += f' (default)'
+ vh.append( (format, description) )
props["val_help"] = vh
except:
props["val_help"] = []
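Review bot: `default.text == format` compares the whole default string with the valueHelp format, so ` (default)` is appended only when the format is a literal value. A whitespace-separated multi-value default, which the help branch above explicitly handles, never matches. Something like `if default is not None and format in (default.text or '').split():` would cover both cases. A `description` whose text is `None` makes `+=` raise, and the bare `except` then resets `val_help` to `[]` for the whole node, so narrowing that handler would keep one bad entry from hiding the rest. `f' (default)'` has no placeholders and can be a plain string, and `format` shadows the builtin.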
@@ -271,7 +280,7 @@ def process_node(n, tmpl_dir):
print("Name of the node: {0}. Created directory: {1}\n".format(name, "/".join(my_tmpl_dir)), end="")
os.makedirs(make_path(my_tmpl_dir), exist_ok=True)
- props = get_properties(props_elem)
+ props = get_properties(props_elem, n.find("defaultValue"))
if owner:
props["owner"] = owner
# Type should not be set for non-tag, non-leaf nodes
--
cgit v1.2.3
From 0daf168d3d7583984431de2ef97682ff4c986f74 Mon Sep 17 00:00:00 2001
From: Christian Poessinger
Date: Fri, 25 Feb 2022 22:30:34 +0100
Subject: zone-policy: T2199: bugfix defaultValue usage
Instead of hardcoding the default behavior inside the Jinja2 template, all
defaults are required to be specified inside the XML definition. This is
required to automatically render the appropriate CLI tab completion commands.
---
data/templates/zone_policy/nftables.tmpl | 12 ++++++------
interface-definitions/zone-policy.xml.in | 1 +
src/conf_mode/zone_policy.py | 24 ++++++++++++++++++------
3 files changed, 25 insertions(+), 12 deletions(-)
(limited to 'interface-definitions/zone-policy.xml.in')
diff --git a/data/templates/zone_policy/nftables.tmpl b/data/templates/zone_policy/nftables.tmpl
index 093da6bd8..4a6bd2772 100644
--- a/data/templates/zone_policy/nftables.tmpl
+++ b/data/templates/zone_policy/nftables.tmpl
@@ -16,7 +16,7 @@ table ip filter {
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
- counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }}
+ counter {{ zone_conf.default_action }}
}
chain VZONE_{{ zone_name }}_OUT {
oifname lo counter return
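Review bot: With the `else 'drop'` fallback removed, `counter {{ zone_conf.default_action }}` renders a bare `counter` with no verdict whenever a zone dict reaches the template without `default_action`. This assumes the Jinja environment is not strict about undefined values, which is not visible here. The chain would then no longer end in a drop, so the failure mode changes from fail-closed to fail-open. The same line is changed in the five later hunks of this file (the `_OUT` and plain `VZONE_` chains and their ip6 counterparts). Because the value now comes only from the XML default merged in get_config(), the config script should reject a zone without it before rendering, e.g. `if 'default_action' not in zone_conf: raise ConfigError(...)`. The chain definitions start outside this hunk.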
@@ -24,7 +24,7 @@ table ip filter {
oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME_{{ from_conf.firewall.name }}
oifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
- counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }}
+ counter {{ zone_conf.default_action }}
}
{% else %}
chain VZONE_{{ zone_name }} {
@@ -38,7 +38,7 @@ table ip filter {
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endif %}
{% endfor %}
- counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }}
+ counter {{ zone_conf.default_action }}
}
{% endif %}
{% endfor %}
@@ -53,7 +53,7 @@ table ip6 filter {
iifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
- counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }}
+ counter {{ zone_conf.default_action }}
}
chain VZONE6_{{ zone_name }}_OUT {
oifname lo counter return
@@ -61,7 +61,7 @@ table ip6 filter {
oifname { {{ zone[from_zone].interface | join(",") }} } counter jump NAME6_{{ from_conf.firewall.ipv6_name }}
oifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endfor %}
- counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }}
+ counter {{ zone_conf.default_action }}
}
{% else %}
chain VZONE6_{{ zone_name }} {
@@ -75,7 +75,7 @@ table ip6 filter {
iifname { {{ zone[from_zone].interface | join(",") }} } counter return
{% endif %}
{% endfor %}
- counter {{ zone_conf.default_action if zone_conf.default_action is defined else 'drop' }}
+ counter {{ zone_conf.default_action }}
}
{% endif %}
{% endfor %}
diff --git a/interface-definitions/zone-policy.xml.in b/interface-definitions/zone-policy.xml.in
index b898c3ecd..eac63fa6b 100644
--- a/interface-definitions/zone-policy.xml.in
+++ b/interface-definitions/zone-policy.xml.in
@@ -37,6 +37,7 @@
^(drop|reject)$
+ drop
diff --git a/src/conf_mode/zone_policy.py b/src/conf_mode/zone_policy.py
index 683f8f034..dc0617353 100755
--- a/src/conf_mode/zone_policy.py
+++ b/src/conf_mode/zone_policy.py
@@ -1,6 +1,6 @@
#!/usr/bin/env python3
#
-# Copyright (C) 2021 VyOS maintainers and contributors
+# Copyright (C) 2021-2022 VyOS maintainers and contributors
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2 or later as
@@ -20,10 +20,12 @@ from json import loads
from sys import exit
from vyos.config import Config
+from vyos.configdict import dict_merge
from vyos.template import render
from vyos.util import cmd
from vyos.util import dict_search_args
from vyos.util import run
+from vyos.xml import defaults
from vyos import ConfigError
from vyos import airbag
airbag.enable()
@@ -36,12 +38,22 @@ def get_config(config=None):
else:
conf = Config()
base = ['zone-policy']
- zone_policy = conf.get_config_dict(base, key_mangling=('-', '_'), get_first_key=True,
- no_tag_node_value_mangle=True)
+ zone_policy = conf.get_config_dict(base, key_mangling=('-', '_'),
+ get_first_key=True,
+ no_tag_node_value_mangle=True)
- if zone_policy:
- zone_policy['firewall'] = conf.get_config_dict(['firewall'], key_mangling=('-', '_'), get_first_key=True,
- no_tag_node_value_mangle=True)
+ zone_policy['firewall'] = conf.get_config_dict(['firewall'],
+ key_mangling=('-', '_'),
+ get_first_key=True,
+ no_tag_node_value_mangle=True)
+
+ if 'zone' in zone_policy:
+ # We have gathered the dict representation of the CLI, but there are default
+ # options which we need to update into the dictionary retrived.
+ default_values = defaults(base + ['zone'])
+ for zone in zone_policy['zone']:
+ zone_policy['zone'][zone] = dict_merge(default_values,
+ zone_policy['zone'][zone])
return zone_policy
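Review bot: `zone_policy['firewall']` is now assigned unconditionally, so get_config() returns a non-empty dict even when nothing is configured under zone-policy. Any later early return of the form `if not zone_policy:` in verify/generate/apply (not visible in this hunk) would stop firing on removal. If dropping the old `if zone_policy:` guard is intentional, the downstream checks should test `'zone' not in zone_policy` instead; otherwise keep the firewall lookup behind the guard. The start of get_config lies outside the hunk.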
--
cgit v1.2.3